+++ This bug was initially created as a clone of Bug #16071 +++

Adding a large number of IPv6 entries for a host in /etc/hosts and then querying it results in a segmentation fault.

How reproducible: Always

Steps to Reproduce:
1. Create 50K '127.0.0.1 host-fubar' entries, and 50K '::1 host-fubar' entries in '/etc/hosts'.
2. Call getaddrinfo for 'node' = "host-fubar", no 'flags' set, and AF_INET in 'hints->ai_family'.

Actual results: SIGSEGV

Expected results: No SIGSEGV

Patch coming up.
This has been assigned CVE-2013-4458.
Fixed in master:

commit 7cbcdb3699584db8913ca90f705d6337633ee10f
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests

    Resolves #16072 (CVE-2013-4458).

    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.

 ChangeLog                   |  6 ++++++
 NEWS                        |  5 ++++-
 sysdeps/posix/getaddrinfo.c | 20 ++++++++++++++++++--
 3 files changed, 28 insertions(+), 3 deletions(-)
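
A regression probe for step 2 of the report, as an added example that is not part of this bug thread or of the glibc patch. It runs the lookup in a child process so that a crash inside getaddrinfo is reported as a signal number; probe_getaddrinfo is a hypothetical helper name, and host-fubar is the host name used in the report.

```c
#define _POSIX_C_SOURCE 200809L
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not a glibc API).
   Returns 0 if getaddrinfo returned at all (success or an EAI_* error),
   the signal number if the child was killed (e.g. SIGSEGV),
   and -1 if fork/waitpid itself failed. */
int probe_getaddrinfo(const char *node, int family)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct addrinfo hints, *res = NULL;
        memset(&hints, 0, sizeof hints);   /* no flags set, as in the report */
        hints.ai_family = family;
        int rc = getaddrinfo(node, NULL, &hints, &res);
        if (rc == 0)
            freeaddrinfo(res);
        _exit(rc == 0 ? 0 : 1);            /* a resolver error is not a crash */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(int argc, char **argv)
{
    /* Default node is the name from the report; override with argv[1]. */
    const char *node = argc > 1 ? argv[1] : "host-fubar";
    int families[] = { AF_INET, AF_INET6 };
    int failed = 0;
    for (int i = 0; i < 2; i++) {
        int sig = probe_getaddrinfo(node, families[i]);
        if (sig > 0)
            printf("%s family=%d: killed by signal %d\n", node, families[i], sig);
        else
            printf("%s family=%d: %s\n", node, families[i],
                   sig == 0 ? "returned" : "probe error");
        failed |= (sig != 0);
    }
    return failed;
}
```

Run it on a test machine whose /etc/hosts carries the entries from step 1; the expected result from the report corresponds to "returned" for both address families.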